In what circumstances and by what means/procedures is the hosting party able to access personal and case management data entered by other users, including in the administrator roles? What roles, rights and access to personal data do administrators have, respectively? More broadly, is there any documentation specifying the various CPIMS+ user profiles and corresponding access to data fields? Can supervisors and managers monitor logs of their staff on the system? If yes, how?
Every case has “record info” and “change log” that the supervisors can access:
There is also a new “audit log” feature in v1.6:
The audit functionality (as seen above) allows you to see who accessed the system/which case/which actions. There should be a clearly established procedure for allowing the systems administrators and developer team as the Helpdesk to access case level data and can then be verified by checking the audit logs. The functionality includes filters for specific times and usernames. You need to decide who else will have access to the audit functionality and how this can be verified in a transparent IA manner. Roles are determined at country level. It can even be decided for the system administrator not to have access to case level data but that would mean all issues with specific cases have to be escalated to Helpdesk (development team) directly which is not recommended as it is inefficient and wastes resources. The user rights can be determined at country level and based on the agreed upon ISP.
Users can be provided with training on how logs can be extracted and read by the national administrators and user organizations administrators. This is also a key method for diagnosing issues that the local service provider should be aware of.
Only some administrative users and team managers may have access to the Audit Log . To see the audit log, first navigate to Settings by clicking on the settings icon at the top of the page. In the side panel, you will see a link labelled "Audit Logs."
When you click on this link, you will see the audit log table. This contains a list of all actions which users have committed in the system. Each row represents a different action, including the user name of the user, the type of action, the type of the record on which the action was performed, and the date and time of the action. Using the filter inputs to the right of the list, you can filter which actions are displayed. You can filter by date and time or user name. To apply a set of filters, click "Apply," and to clear out all filters, click "Clear."